This content has been marked as final. Show 2 replies
Unfortunately, most HSMs do not support the WRAP_MODE even with their native JCE Providers - let alone through the SunPKCS11 Bridge. At least two HSMs that we tested did not support it. We had to use the standard ENCRYPT_MODE and DECRYPT_MODEs, of the Cipher, treating the symmetric key like any other data-object to "wrap" the key with an asymmetric key in a hardware modul. As an aside, we're using the native JCE Provider from the HSM manufacturers - going through the P11 Bridge creates too many headaches wrt support - better to have just one head - the HSM manufacturer's - under the guillotine when resolving problems. :-)1 person found this helpful
I've received an answer from Valerie (Yu-Ching) Peng, on which she says that there is an open issue (4898471 "Support for key wrapping and unwrapping") regarding this subject.
For now, I'll have to use the native JCE Provider (I've already tested it and it's working), since the SunPKCS11 Provider does not support key wrapping.
The thread can be seen here: http://web.archiveorange.com/archive/v/d4wYG2VpF9TPPlWC2Ng7
Thank you for your time,
Paulo Ricardo Ribeiro